* fix regression of ad5e6ee that not setting param assoc: true for …

…`\Safe\json_decode()`

* tweak generated configs to analyze `*.php` but excluding `vendor/**/*` @ phan.php
$ mv .phan/config.php phan.php
@ be

+ job `phan` @ .github/workflows/be_base.yml

.github/workflows/be_base.yml

@@ -35,6 +35,15 @@ jobs:
           compression-level: 9
       - run: ./vendor/bin/infection --coverage=coverage --skip-initial-tests
 
+  phan:
+    runs-on: ${{ inputs.runs-on }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/be
+      - run: >
+          ./vendor/bin/phan --output-mode checkstyle --analyze-twice --config-file phan.php
+          | tee >(cs2pr --notices-as-warnings --graceful-warnings --prepend-filename --prepend-source)
+
   phpstan:
     runs-on: ${{ inputs.runs-on }}
     steps:

be/app/Eloquent/ModelAttributeMaker.php

@@ -21,7 +21,7 @@ public static function makeProtoBufAttribute(string $protoBufClass): Attribute
                 /** @var Message $proto */
                 $proto = new $protoBufClass();
                 $proto->mergeFromString(stream_get_contents($value));
-                return \Safe\json_decode($proto->serializeToJsonString(), false);
+                return \Safe\json_decode($proto->serializeToJsonString());
             },
         )->shouldCache();
     }

be/app/Http/Controllers/PostsQuery.php

@@ -32,6 +32,7 @@ public function query(\Illuminate\Http\Request $request): array
                 ],
                 'query' => 'json|required',
             ])['query'],
+            assoc: true
         )]);
         $params = $validator->params;
 

be/.phan/config.php → be/phan.php

@@ -1,5 +1,7 @@
 <?php
 
+// phpcs:disable PSR1.Files.SideEffects.FoundWithSymbols
+// phpcs:disable Generic.Files.LineLength
 use Phan\Issue;
 
 /**
@@ -50,7 +52,7 @@
     // Note that the **only** effect of choosing `'5.6'` is to infer that functions removed in php 7.0 exist.
     // (See `backward_compatibility_checks` for additional options)
     // Automatically inferred from composer.json requirement for "php" of "^8.3"
-    'target_php_version' => '8.1',
+    'target_php_version' => null,
 
     // If enabled, missing properties will be created when
     // they are first seen. If false, we'll report an
@@ -193,7 +195,8 @@
     //
     // To more aggressively detect dead code,
     // you may want to set `dead_code_detection_prefer_false_negative` to `false`.
-    'dead_code_detection' => false,
+    'dead_code_detection' => true,
+    'dead_code_detection_prefer_false_negative' => false,
 
     // Set to true in order to attempt to detect unused variables.
     // `dead_code_detection` will also enable unused variable detection.
@@ -269,14 +272,14 @@
     // directories/files, unanalyzable files, or files that
     // can't be removed for whatever reason.
     // (e.g. `'@Test\.php$@'`, or `'@vendor/.*/(tests|Tests)/@'`)
-    'exclude_file_regex' => '@^vendor/.*/(tests?|Tests?)/@',
+    'exclude_file_regex' => '@^vendor/.*/(tests?|Tests?)/|_ide_helper.*\.php@',
 
     // A list of files that will be excluded from parsing and analysis
     // and will not be read at all.
     //
     // This is useful for excluding hopelessly unanalyzable
     // files that can't be removed for whatever reason.
-    'exclude_file_list' => [],
+    'exclude_file_list' => ['.phpstorm.meta.php'],
 
     // A directory list that defines files that will be excluded
     // from static analysis, but whose class and method
@@ -289,9 +292,7 @@
     //       party code, directories containing that code
     //       should be added to the `directory_list` as well as
     //       to `exclude_analysis_directory_list`.
-    'exclude_analysis_directory_list' => [
-        'vendor/',
-    ],
+    'exclude_analysis_directory_list' => ['vendor/'],
 
     // Enable this to enable checks of require/include statements referring to valid paths.
     // The settings `include_paths` and `warn_about_relative_include_statement` affect the checks.
@@ -303,9 +304,7 @@
 
     // List of case-insensitive file extensions supported by Phan.
     // (e.g. `['php', 'html', 'htm']`)
-    'analyzed_file_extensions' => [
-        'php',
-    ],
+    'analyzed_file_extensions' => ['php'],
 
     // You can put paths to stubs of internal extensions in this config option.
     // If the corresponding extension is **not** loaded, then Phan will use the stubs instead.
@@ -347,42 +346,10 @@
     //
     // Thus, both first-party and third-party code being used by
     // your application should be included in this list.
-    'directory_list' => [
-        '../tbclient.protobuf/tbm_php/GPBMetadata',
-        '../tbclient.protobuf/tbm_php/TbClient',
-        'app',
-        'vendor/barryvdh/laravel-debugbar/src',
-        'vendor/barryvdh/laravel-ide-helper/src',
-        'vendor/friendsofphp/php-cs-fixer/src',
-        'vendor/google/protobuf/src/GPBMetadata/Google/Protobuf',
-        'vendor/google/protobuf/src/Google/Protobuf',
-        'vendor/google/recaptcha/src/ReCaptcha',
-        'vendor/infection/infection/src',
-        'vendor/larastan/larastan/src',
-        'vendor/laravel/framework/src/Illuminate',
-        'vendor/nunomaduro/collision/src',
-        'vendor/phan/phan/src/Phan',
-        'vendor/phpmd/phpmd/src/main/php',
-        'vendor/phpstan/extension-installer/src',
-        'vendor/phpstan/phpstan-deprecation-rules/src',
-        'vendor/phpstan/phpstan-strict-rules/src',
-        'vendor/phpunit/phpunit/src',
-        'vendor/psalm/plugin-laravel/src',
-        'vendor/spatie/laravel-collection-macros/src',
-        'vendor/spatie/laravel-ignition/src',
-        'vendor/spatie/regex/src',
-        'vendor/thecodingmachine/phpstan-safe-rule/src',
-        'vendor/thecodingmachine/safe/deprecated/Exceptions',
-        'vendor/thecodingmachine/safe/generated/Exceptions',
-        'vendor/thecodingmachine/safe/lib/Exceptions',
-        'vendor/vimeo/psalm/src/Psalm',
-    ],
+    'directory_list' => ['.'],
 
     // A list of individual files to include in analysis
     // with a path relative to the root directory of the
     // project.
-    'file_list' => [
-        'vendor/thecodingmachine/safe/lib/DateTime.php',
-        'vendor/thecodingmachine/safe/lib/DateTimeImmutable.php',
-    ],
+    'file_list' => [],
 ];

be/tests/Feature/App/Http/PostsQuery/ParamsValidatorTest.php

@@ -31,7 +31,7 @@ public function testValidate(int $errorCode, array $params): void
             $sut = self::newParamsValidator($params);
             $sut->addDefaultParamsThenValidate(shouldSkip40003: false);
         } catch (HttpResponseException $e) {
-            self::assertEquals($errorCode, \Safe\json_decode($e->getResponse()->getContent())['errorCode']);
+            self::assertEquals($errorCode, \Safe\json_decode($e->getResponse()->getContent())->errorCode);
         }
     }